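Several WebService Authentication Methods
1.1 WebService design
1.1.1 Passing basic parameters
1.1.2 Passing data collections
(1) Arrays
(2) DataSet
1.2 WebService exception handling
1.3 WebService performance
1.4 WebService authentication
See the WebService authentication study report
1.4.1 Authentication methods
1.4.1.1 Windows authentication
(1) In IIS, set the permissions on the WebService file to Integrated Windows authentication
(2) Configure Web.Config
<authentication mode="Windows">
</authentication>
1.4.2 Tracking user access
1.5 Calling a WebService
1.5.1 Windows authentication
(1) When NT authentication is used, Credentials must be set to System.Net.CredentialCache.DefaultCredentials
When it is set to the default, the client decides, based on the server configuration, whether to use NTLM authentication or another security authentication scheme
(2) Instantiate the WebService object
(3) Add the WebService authentication information
(4) Call the WebService method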
// Instantiate the generated WebService proxy
LocalTest.GIISService localTest = new LocalTest.GIISService();
// Register the credential for this URI prefix and authentication scheme
CredentialCache credentialCache = new CredentialCache();
NetworkCredential credentials = new NetworkCredential("XuJian", "password", "Snda");
credentialCache.Add(new Uri("http://localhost/GIIS/GIISService.asmx"),
    "Basic", credentials);
localTest.Credentials = credentialCache;
// Call the WebService method
string tt = localTest.Hello("ssssssss");
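As an added example (not code from the original page): CredentialCache offers an entry only when both the URI prefix and the authentication scheme of the server's challenge match, so an entry registered as "Basic" is not used when the server challenges with NTLM. The account, password and the other.example host are constructed sample values.

```csharp
using System;
using System.Net;

// Added example; account, password and host names are constructed sample values.
static class CredentialScopeDemo
{
    // Returns the identity the cache would offer for this URL and challenge scheme.
    static string Lookup(CredentialCache cache, string url, string authType)
    {
        NetworkCredential c = cache.GetCredential(new Uri(url), authType);
        return c == null ? "(none offered)" : c.Domain + "\\" + c.UserName;
    }

    static void Main()
    {
        var cache = new CredentialCache();
        cache.Add(new Uri("http://localhost/GIIS/"), "Basic",
                  new NetworkCredential("svc-demo", "constructed-password", "DEMO"));

        // Matching prefix and matching scheme.
        Console.WriteLine(Lookup(cache, "http://localhost/GIIS/GIISService.asmx", "Basic"));
        // Matching prefix, but the server challenges with NTLM.
        Console.WriteLine(Lookup(cache, "http://localhost/GIIS/GIISService.asmx", "NTLM"));
        // Matching scheme, but a different host.
        Console.WriteLine(Lookup(cache, "http://other.example/GIIS/GIISService.asmx", "Basic"));
    }
}
```

Scoping an explicit credential to one prefix and one scheme keeps it from being sent to other hosts; a "Basic" entry used over plain http is transmitted Base64-encoded, not encrypted.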
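1.6 WebService authentication as implemented in GIIS
This section describes the authentication method implemented in GIIS this time; with configuration and maintainability in mind, it does not cover the handling of other authentication methods
1.6.1 Implementation approach
SOAP Header + DES encryption/decryption + Windows authentication
1.6.2 How it works
(1) SOAP Header
SOAP consists of four parts: the SOAP envelope, which defines and describes the message
SOAP encoding rules
SOAP RPC call and response convention
SOAP binding, which exchanges information over the underlying protocol
The envelope consists of one or more Headers and one Body; each child element of the Header element is called a SOAP Header
(2) DES symmetric encryption/decryption
The encrypted code sent by the client is decoded and analysed on the client side to perform authentication; the user information used for authentication comes from the GIIS list of system login users
The byte values used for encoding and decoding are stored in the Web.Config file; they must be kept consistent and symmetric, and their length must be set to 8 characters
(3) Integrated Windows authentication
Domain users can call and work with the WebService this way, while non-domain users can be verified through our custom SOAP Header
1.6.3 Implementation steps (SOAP)
(1) Set the access permission of the .asmx file to "Integrated Windows authentication" and do not allow anonymous access
(2) Create the WebService authentication class CredentialSoapHeader.cs, which inherits from SoapHeader
* Caller information is obtained from the WscUser table maintained by the system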
using System;
using System.Data;

namespace XXX.WebService
{
    public class CredentialSoapHeader : System.Web.Services.Protocols.SoapHeader
    {
        #region -- Private Attribute --
        private string m_UserID = string.Empty;
        private string m_Password = string.Empty;
        #endregion

        #region -- Public Property --
        /// <summary>
        /// user id
        /// </summary>
        public string UserID
        {
            get { return m_UserID; }
            set { m_UserID = value; }
        }

        /// <summary>
        /// user password
        /// </summary>
        public string PassWord
        {
            get { return m_Password; }
            set { m_Password = value; }
        }
        #endregion

        /// <summary>
        /// initial user id and password
        /// </summary>
        /// <param name="userID">user id</param>
        /// <param name="password">user password</param>
        public void Initial(string userID, string password)
        {
            UserID = userID;
            PassWord = password;
        }

        /// <summary>
        /// check user when use web service
        /// </summary>
        /// <param name="userID">user id</param>
        /// <param name="password">user password</param>
        /// <param name="message">return message</param>
        /// <returns></returns>
        public bool IsValid(string userID, string password, out string message)
        {
            message = "";
            try
            {
                // Both header fields arrive DES-encrypted and Base64-encoded
                string userName = Encrypt.DecryptClient(userID);
                string userPassword = Encrypt.DecryptClient(password);

                // Look the caller up among the active accounts in the WscUser table
                Entity.GiWscuser userAuthority = new Entity.GiWscuser();
                userAuthority.QueryMode = true;
                userAuthority.Active += true;
                userAuthority.Account += userName.Trim();
                userAuthority.Password += userPassword.Trim();
                DataTable dtblUser = userAuthority.Query(
                    new String[] { userAuthority.Account, userAuthority.Password },
                    false, -1).Tables[0];

                if (dtblUser.Rows.Count > 0)
                {
                    return true;
                }
                else
                {
                    message = "sorry, you have no access authority for current web service";
                    return false;
                }
            }
            catch (Exception ex)
            {
                message = "sorry, you have no access authority for current web service " + ex.Message;
                return false;
            }
        }

        /// <summary>
        /// check user authority
        /// </summary>
        /// <param name="message">message tip</param>
        /// <returns></returns>
        public bool IsValid(out string message)
        {
            return IsValid(m_UserID, m_Password, out message);
        }
    }
}
(3) Create the DES encryption/decryption class to encode and decode plaintext
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class Encrypt
{
    // Key and IV are read from Web.Config; each must be 8 ASCII characters
    private static string ms_Key = System.Configuration.ConfigurationManager.AppSettings["EncryptKey"];
    private static string ms_IV = System.Configuration.ConfigurationManager.AppSettings["EncryptIV"];

    /// <summary>
    /// Encrypt a string
    /// </summary>
    /// <param name="ecryptString">string needs to be encrypted</param>
    /// <returns>the encrypted string</returns>
    public static string EncryptClient(string ecryptString)
    {
        if (ecryptString != "")
        {
            DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
            cryptoProvider.Key = ASCIIEncoding.ASCII.GetBytes(ms_Key);
            cryptoProvider.IV = ASCIIEncoding.ASCII.GetBytes(ms_IV);

            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream,
                cryptoProvider.CreateEncryptor(), CryptoStreamMode.Write);
            StreamWriter streamWriter = new StreamWriter(cryptoStream);
            streamWriter.Write(ecryptString);
            streamWriter.Flush();
            cryptoStream.FlushFinalBlock();
            memoryStream.Flush();

            // Encode only the bytes actually written, not the whole buffer
            return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
        }
        else
        {
            return "";
        }
    }

    /// <summary>
    /// Decrypt a string
    /// </summary>
    /// <param name="decryptString">string needs to be decrypted</param>
    /// <returns>the decrypted string</returns>
    public static string DecryptClient(string decryptString)
    {
        if (decryptString != "")
        {
            DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
            cryptoProvider.Key = ASCIIEncoding.ASCII.GetBytes(ms_Key);
            cryptoProvider.IV = ASCIIEncoding.ASCII.GetBytes(ms_IV);

            Byte[] buffer = Convert.FromBase64String(decryptString);
            MemoryStream memoryStream = new MemoryStream(buffer);
            CryptoStream cryptoStream = new CryptoStream(memoryStream,
                cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read);
            StreamReader streamReader = new StreamReader(cryptoStream);
            return streamReader.ReadToEnd();
        }
        else
        {
            return "";
        }
    }
}
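(4) In the CredentialSoapHeader class, decode the user authentication information and check its validity, giving a message when an exception occurs
See the CredentialSoapHeader code
(5) Instantiate a CredentialSoapHeader object in the target Service class and specify that object as the attribute decorating the WebService method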
using System.Web.Services;
using System.Web.Services.Protocols;

namespace WebServiceAuthority
{
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    public class GIISService : System.Web.Services.WebService
    {
        // Populated from the SOAP Header of each incoming request
        public CredentialSoapHeader myHeader = new CredentialSoapHeader();

        /// <summary>
        /// get web service information by authority user
        /// </summary>
        /// <param name="contents">customize content</param>
        /// <returns></returns>
        [SoapHeader("myHeader")]
        [WebMethod(Description = "authority set for Web Service", EnableSession = true)]
        public string HelloWorld(string contents)
        {
            string message = "";
            // Reject the call when the header credentials do not validate
            if (!myHeader.IsValid(out message))
                return message;
            return "Hello World:" + contents;
        }
    }
}
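As an added example (not part of the GIIS code): with the fixed key and IV described in 1.6.2 and used by the Encrypt class in step (3), the same account always encrypts to the same Base64 string, so the header value behaves like a static credential. The second function contrasts this with a per-message random IV plus an HMAC, using AES instead of DES; all keys are constructed sample values and "XuJian" is the sample account from 1.5.1.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; keys are constructed sample values, not GIIS settings.
static class HeaderTokenDemo
{
    // Scheme as on the page: DES (CBC) with one fixed 8-byte key and IV.
    static string DesFixedIv(string plain, byte[] key, byte[] iv)
    {
        using (var des = DES.Create())
        using (var enc = des.CreateEncryptor(key, iv))
        {
            byte[] p = Encoding.UTF8.GetBytes(plain);
            return Convert.ToBase64String(enc.TransformFinalBlock(p, 0, p.Length));
        }
    }

    // Contrast: AES-CBC, fresh random IV per message, HMAC-SHA256 over IV || ciphertext.
    static string AesRandomIvWithMac(string plain, byte[] encKey, byte[] macKey)
    {
        using (var aes = Aes.Create())
        using (var mac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();
            byte[] p = Encoding.UTF8.GetBytes(plain);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(p, 0, p.Length)).ToArray();
                return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray());
            }
        }
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("8bytekey"); // constructed
        byte[] iv = Encoding.ASCII.GetBytes("8byte_iv");  // constructed
        Console.WriteLine("DES, fixed IV, same output twice: " +
            (DesFixedIv("XuJian", key, iv) == DesFixedIv("XuJian", key, iv)));

        byte[] encKey = new byte[32], macKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }
        Console.WriteLine("AES, random IV, same output twice: " +
            (AesRandomIvWithMac("XuJian", encKey, macKey) == AesRandomIvWithMac("XuJian", encKey, macKey)));
    }
}
```

A random IV and a MAC remove the determinism and detect tampering; they do not by themselves stop a captured header from being replayed, which needs transport encryption or a timestamp or nonce checked by the service.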
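1.6.4 Client-side calling method (SOAP)
(1) Add a WebService reference
The URL is the address of the corresponding GIIS WebService; the alias of the reference is user-defined
(2) Instantiate a WebService class object
LocalService.GIISService localTest = new LocalService.GIISService();
(3) Set the Credentials
localTest.Credentials = System.Net.CredentialCache.DefaultCredentials;
(4) Pass the encoded ciphertext
(5) Call the method provided by the WebService
(6) The implementation code is as follows: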
LocalService.GIISService localTest = new LocalService.GIISService();
localTest.Credentials = System.Net.CredentialCache.DefaultCredentials; // default credentials
LocalService.CredentialSoapHeader header = new LocalService.CredentialSoapHeader(); // Create SOAP header
header.UserID = userName; // Set SOAP header user name information
header.PassWord = userPassword; // Set SOAP header user password information
localTest.CredentialSoapHeaderValue = header;
this.Label1.Text = localTest.HelloWorld("ss");
This completes WebService authentication in GIIS; to use Windows authentication on its own, see the description below